AD users can´t use the 10.4 mail service

[hbecerra]

Recently we decided to integrate the AD running on 2k3 and our 10.4.11 Xserve following the Mike Bombich instructions, each one server with near a hundred different users (200 total), mail was running fine for the Xserve users registered in the OD and we decided to extend the Xserve mail service to some AD users.
The fact is that the answer is “just” to use the SACL´s so :

a) We generated an OD group with OD users and one AD group with AD users and enabled the SACL access to mail to that two groups following the instructions, the OD group users have mail access with no problems besides the lost of some quotas and forwarding capabilities (not present in the GUI as far as I know) BUT the AD group´s users has no access to mail and says “mail is not enabled for this user” in the logs. We are using the web mail feature to check mail access.
b) As a second option we generated an OD group with the AD users that we want to use the MAIL feature but it isn´t working either.

All the people, forums (and the manual) says that is that easy and that works like a charm but is not working for me.
Any ideas, of what to verify or what could be wrong are really welcomed.

[emailman]

One difference in my case was I wasn’t using OD groups (although we do have an OD server). I just added the AD groups to the Mail SACL. We’re no longer using that mail system, so I can’t check the settings, but I remember reading in the OD/AD integration docs on afp548.com to put the AD group inside an OD group and grant access (SACL) to the OD group. Did you say you tried that? Some things to check: Do the AD users have the mail property filled in with their e-mail address? Can you open Terminal and run the id command against an AD user and see his/her group membership?

$ id johndoe

[Author]

Posts